Costco Wholesale Corporation is warning American internet users to be wary of more than a dozen digital scams targeting its customer base. On its website, the American multinational corporation has published screenshots of 14 "prominent fraudulent emails, texts, and posts" in which cyber-criminals are impersonating Costco. The majority of the traps use financial benefits to lure victims, promising free products, financial reimbursements, exclusive offers, cash-back rewards, and gift cards worth $50. Many try to trick victims into sharing their personal information by asking them to take a short survey in order to claim a prize.
Cyber-criminals impersonating Costco are also exploiting the coronavirus pandemic to con customers. One scam tells shoppers that a Covid-19 stimulus package consisting of $130 of free merchandise will be given to "loyal Costco members" who fill in a customer survey. Another survey-based scam tells customers that they will receive a free HDTV as a thank you for always paying their bills on time, if they answer questions about their Costco shopping experiences.
Other social engineering tactics deployed by threat actors include the exploitation of Americans seeking employment. One scam email falsely told the recipient that Costco was "currently taking interviews for positions in your area that pay up to $21.00 per hour." The target was told that after sharing their personal details, they would receive confirmation of a job interview with the company.
A fraudulent phishing email flagged by Costco uses a limited-time offer and the promise of an exclusive giveaway to put pressure on victims to take the bait. It reads: "Congratulations! You have been specially selected to participate in our exclusive giveaway. Click here for a chance to win one of the exclusive prizes from our sponsors. Good luck!"
The scams have appeared in inboxes, mailboxes, on social media, and via text message. One scam tells victims that they have won a prize in the "supermarket customer sweepstakes raffle draw" and will receive their first payment of $6,994,92 after they pay a $3,860 processing fee. "These offers are not from Costco Wholesale," said Costco. "You should not visit any links provided in messages such as these, and you should not provide the sender any personal information."
WHAT CAN YOU DO?
- Never respond to emails that cannot be verified.
- Never provide personal information via e-mail.
- Contact the business by using legitimate phone numbers to verify the request.
- Enter websites using your browser and not by clicking on provided links.
- Be cautious of any solicitation requesting that you deposit a check or pay a fee to collect a prize, get a job, or cover vaguely described "costs."
- Consider filing a report with the Federal Trade Commission and/or state attorney general's consumer protection office, or the FBI. Online complaints may be filed with the FTC at https://www.ftccomplaintassistant.gov/, and white collar crimes may be reported to the FBI at https://www.ic3.gov/complaint/default.aspx.
Red Sky Alliance has been analyzing and documenting cyber threats and groups for over 9 years and maintains a resource library of malware and cyber actor reports available at https://redskyalliance.org at no charge. Many past tactics are reused in current malicious campaigns.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
• Reporting: https://www.redskyalliance.org/
• Website: https://www.wapacklabs.com/
• LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
https://www.infosecurity-magazine.com/news/costco-issues-scam-warning/